This information has been shared freely by Mark E.S. Bernard. If you find it useful please acknowledge this contribution. ...

CyberSecurity DIKW Briefing Note

Published in: Business

  1. 1. This information has been shared freely by Mark E.S. Bernard. If you find it useful please acknowledge this contribution. If you would like additional information or assistance with the customization and implementation of a balanced risk management process for your security program then please contact Mark, email: mesbernard@gmail.com

     CyberSecurity is dependent upon the effective protection of data, information, knowledge and wisdom (DIKW). Identification and assessment of associated risks is crucial to securely managing these assets appropriately. Safeguarding these assets from known vulnerabilities potentially impacting their confidentiality, integrity and/or availability is the key to success.

     The DIKW Chart below describes a development cycle from basic alphanumeric characters and meaningless gibberish commonly known as “data” into highly valued knowledge and wisdom. As informational records are constructed from data, information undergoes testing and refinement resulting in knowledge and wisdom. As data is transformed from its basic raw format into information, knowledge and wisdom its value increases exponentially.

     Depending upon the location of the knowledge, which could be the human brain, hard copy or digital audio and video, the vulnerabilities will fluctuate. If the value is high enough a threat might be motivated to exploit a vulnerability to access the asset. Understanding what DIKW asset it is that you are protecting by facilitating a risk assessment will help you design and implement a control framework that will successfully mitigate the risk. The ultimate goal is to remove the motive and opportunity from the threat. We cannot mitigate the threat’s capability on our own, but we can reduce the likelihood by removing as much as we have control over.

     Diagram A: Data “0” value, Information $, Knowledge $$, Wisdom $$$

       • Example: Threats = Human, Nature. Vulnerability = Contamination, corruption, damage, lost data, hardware defects and vulnerabilities, etc.
       • Example: Threats = Human, Nature. Vulnerability = Lack of data quality, software / hardware / telecom defects and vulnerabilities, not adequately secured, no contingency planning, etc.
       • Example: Threats = Human, Nature. Vulnerability = Invalidated, not tested or verified, inaccurate information, data corruption, aging human mind, time sensitivity, not adequately secured, no contingency planning, etc.
       • Example: Threats = Human, Nature. Vulnerability = Untested knowledge, not independently verifiable, aging human mind, no succession planning, etc.

     Humans store knowledge and wisdom in long term and short term memory. This knowledge is used to increase their tacit knowledge and direct explicit knowledge at specific subjects and topics.

     Human Resources has traditionally managed the recruitment of humans with unique training and experience to improve organizational capability. The Knowledge Management profession has grown over the last decade, playing an increasing role in the management of organizational knowledge and capability. Knowledge is valuable to every organization and it needs to be protected no matter where it’s stored, processed or transmitted.

     The investment in security must not exceed the value of the asset. One important footnote to consider is that DIKW are codependent during the development, testing and verification stages; however, DIKW can also exist independently. Facilitating an inventory of Assets is essential.

     DIKW Development Chart
  2. 2. Below I have provided 3 examples of DIKW: in example #1 I’ve described Human Resources DIKW, in example #2 I’ve provided an example of DIKW for Payment Systems, and in example #3 I’ve provided an example of DIKW for CyberSecurity monitoring systems.

     Each example chart carries the stage labels Data (individual elements have no value), Information $, Knowledge $$, Wisdom $$$.

       • EXAMPLE #1 of Human Resource DIKW: Name, B-date, SIN, Phone, Performance History; Employee record; Succession Plan / Capability Plan / Budget
       • EXAMPLE #2 of Payment DIKW: Name, Card#, SIN, CVV, Transaction History; Customer record; Capability Plan / Budget
       • EXAMPLE #3 of CyberSecurity DIKW: IP, Date, Protocol, Action; SIEM / HID / ID; Log record; Incident Management Plan / Counter Measures
